In the team, we all managed cloud infrastructures at some level at our previous jobs, as developers with serverless function needs or DevOps managing large production systems. And we all knew that sometimes an emergency required a manual change, a customer tweaked a setting on the console, the boss activated something that had an impact later… or, put more simply, that the whole infrastructure was just not totally under the control of Terraform (or a similar tool), just because ops life in production is rarely perfect and ideal.
And all those tiny changes sometimes got forgotten about, or partially implemented in infrastructure-as-code later…
This talk covers three major topics:
Let’s first agree…
Learn how to use driftctl in a real-life environment, with multiple Terraform states and output filtering.
Whether it’s a script gone wild, a bad API call from a trusted Lambda, or just the daily SNAFU, you want to know about the situation.
Driftctl will do just that. In this guide, you will learn how to use driftctl, an open source tool that tracks and warns of infrastructure drift, in a real-life environment, with multiple Terraform states and output filtering. We will demonstrate how manual changes can impact drift detection and how driftctl complements Terraform plan!
We recommend using an…
When talking about infrastructure drift, you often get knowing glances and heated answers. Recording gaps in your infra between what you expected it to be and the reality of what it is, is a well-known and widespread issue bothering hundreds of DevOps teams around the globe. Interestingly, though, the exact definition they give of drift varies depending on their context.
Facing impacts and consequences ranging from intensive toil to dangerous security threats, many DevOps teams are keenly aware of the issue and actively looking for solutions.
We decided to look more closely into how they…
The need to manage multiple Terraform environments is very common. Indeed, getting started is one thing, but then you end up with various environments that you need to manage, several teams, etc… So how do you manage Terraform when you start having several environments like dev, staging, and prod, and how do you manage the complexity?
If you need to manage several Terraform environments, there are a lot of ways to ramp up your approach and get started.
Getting started step by step with single tf files. The task can be daunting to know all the good practices at first, and…
People often ask: can you, and should you declare variables in Terraform?
One of the biggest issues I had in my “Chef” days was that I could multiply strings by booleans, which used to create very nice issues in production.
So, yes, you can type variables in Terraform. Let me show you an example:
Terraform code quality is important and there are a lot of tools to improve it. A lot of them are quite difficult to use. Here are a few tools that we find really useful and can be set up in minutes for you.
Terraform works with providers for each cloud and has resources. Basically, you can see it as an instance to launch in which you describe what you want. Let’s see how internal tools can help you improve your Terraform code quality.
Terraform validate is a subcommand in Terraform that will only address structure and coherence, which means that…
There are different ways to manage manual changes on your infrastructure in Terraform, depending on the case. Here are 3 options:
Let’s say you have a security group that was changed manually by one of your team members, like opening an HTTP port for a specific subnet, and you discover this at the next terraform apply. This is an easy case.
You will have the diff in the terraform output (be it on CI, or on your laptop). That means that you can add this difference as a snippet directly to your Terraform code and apply it…
The TFState file in Terraform is what makes it very different from other systems. You can spin up and launch infrastructures with other configuration management tools like Chef, Saltstack, and Ansible, but the biggest difference with Terraform lies in this state.
You can see your TFState file as a big JSON structure of the reality of your infrastructure, working together with the Terraform code in which you declare the so-called “desired state” you want to achieve.
This desired state is declarative, which means that when you declare within your code that you want a specific resource with a specific configuration and…
Yes! You should be testing your Terraform code. There are a lot of ways you can do it. It is very similar to standard software engineering processes. It comes from the same culture, so there is no surprise here.
You can execute a linter directly on your laptop if that is what you want, or execute it on your CI/CD system because you want to ensure others respect some coding conventions or standardization.
One linter in Terraform that I really like is named TFLint. It is open-source and available on GitHub. This linter even has a deep linting feature that…
Protecting codified infrastructures